radarcovid / radar-covid-ios Goto Github PK

Apparently some people are reporting that, after reporting their positive through the app, it cannot return to its normal state. Therefore, they stop sharing identifiers with other terminals, leaving the system unusable.

Some even indicate that this behavior has not been corrected in months.

Trying to look at unit tests for a way to test this functionality, I find that they are completely out of date and in fact not working due to a dependency on RxSwift.

On the other hand, it seems that the configuration server gives 72 hours of grace to go from an .infected state to a .healthy state. This is confirmed by the configuration of the TimeBetweenStatesDto model

Being impossible to test in a unitary way, I find that the file ExpositionUseCase.swift contains this expression (line 112), when the current state is .infected:

if expositionInfo.since == nil {
    expositionInfo.since = Date ()
}

Without documentation or some unit tests to track the functionality, I cannot say anything definitively, but this expression can end in an infinite cycle of .infected state, especially since this data is being saved in UserDefaults.

Could this be the reason why once a positive has been reported, the app is no longer usable?

EDIT: Here's some more documentation about the problem. Capture taken today 05/01/2021. App has been deleted and reinstalled

EDIT 2: The user reports that, once the old contact records have been manually deleted from Settings > Exposure Notifications, the application can be activated again.

Perhaps this procedure should be explained directly in the app, or we should be able to delete the records directly from it to avoid confusion.

Hello,

I just found a small issue when typing the diagnostic code. If you fill the 12 chars and try to remove the last one then 2 chars will be removed instead of just one.

Thanks.

There should be a develop branch on which to merge the pull requests the community will work on. Working with the master branch is not the most appropriate in any of the cases.

On the other hand, which branches are currently supporting the work and why are they not visible? Only the master branch is visible and we cannot understand the work that is being done.
Having the project in a single commit is a problem, but 5 days without a single commit is worrying.

Even if these keys were used in the pilot, they should not be committed.

• RadarCovid/Supporting: pinning certs, and private keys are exposed here.
• RadarCovid/Config: endpoints together hardcoded pre/pro keys.

They have been compromised, so:

1. .gitignore should be updated accordingly, adding these 2 rules, and removing the current ones.
2. Certs rotation should be done after reviewing Android app.

Hi
I installed the app in 1. July, but went to germany, since a week I am back, but last update according to the app is 1.7.2020
(I attach the screenshots), 2 friends of mine have update, 1.9.2020 which is also bad the other has 15.9.2020 which seems better
I also looked up in (using iOs 13.7)
Exposure Notifcation (new in 13.7)--> Exposure Logging Status-->Exposure Checks:

There I see sort of activity Matched Key Count 0
BUT no daily keys were downloaded
I germany I obtained every day up to 5000 keys (and no match)
Something is not right here.
Any advice is strongly appreciated
regards
Uwe Brauer



ExposureChecks-2020-09-16-json.txt

Hola,

I have this statement inside my iPhone :

I see as well this in the exposure.json:

{
      "Timestamp" : "2021-01-06 00:29:09 +0100",
      "Files" : [
        {
          "Hash" : "-----xxxxxFBB43",
          "KeyCount" : 355502,
          "AppBundleIdentifier" : "es.gob.radarcovid",
          "Timestamp" : "2021-01-06 00:29:12 +0100"
        }
      ],
      "AppBundleIdentifier" : "es.gob.radarcovid"
    }

but I don't see any risk of exposure in the Radar App.
I am curious to know which version of the Exposure Notification Framework / the Exposure Notification System RADAR is using?

Version 1 or 2?

I'm facing the following bug:

Exposure notification switch in the app is off and disabled, I can't change its value.

If I check the app settings in iOS Settings App and open the Exposure Notifications permission, is empty:

I think it's the same bug that this in the German app. I tried to install the configuration profile provided in the fix but it's seems is not longer valid, it can't be installed.

I have the last version of the app (1.0.7) running on iOS 14 but the problem surfaced first when on 13.7.

Hi

the German Corona Warn has a wishlist page:

Wish list
One important feature seems to be a contact diary

See please

Desired features for a contact diary

There is already a pull request

Pull request for a contact diary

1. Could the radar covid please have a wishlist

2. And a contact diary

For reasons unrelated to this conversation, a proxy server has captured a Firebase trace on the network containing an iPhone XS Max with the RadarCOVID application installed.

The trace contains serialized information using Protobuf, whose origin is Google. Some of the information is as follows:

Remote host is
https://firebaselogging-pa.googleapis.com

I am not able to find references to Firebase in the code, but the project file contains a reference to a Pods folder, typical of Cocoapods. But there is no trace of a Podfile file to accompany it.

It is known that Firebase has SPM packages although in beta version and its main installation method is Cocoapods.
On the other hand, Firebase does not appear in the list of SPM dependencies of the project.
Likewise, Protobuf does appear as a dependency of the DP3T SDK as we can see here:

https://github.com/DP-3T/dp3t-sdk-ios/blob/develop/Package.swift

Lastly and unsurprisingly, the headers for that network request contain a Google API Key

AIzaSy[···]5zn1BCc

Since we don't have access to the project's commit history, these inconsistencies lead me to ask:

Was some kind of code cleanup done before sharing?

If so, it would be interesting to know why, in addition to documenting the lack of this code, that in production there seems to be evidence that it is there, but it is not reflected in the shared sources except for some somewhat obvious traces.

About iOS 12 Updates:

iOS 12.5 lets you opt-in to the COVID-19 Exposure Notifications system for your iPhone. System availability depends on support from your local public health authority. For more information see covid19.apple.com/contacttracing

Saludos.

Currently the app does not show any statistics, save the downloads and uploaded positive test results. It does, however, provide link to the official websites.

These sites are not very suited for a mobile device and slow to load, so could the app provide the statistical data in some parts of the app. I attach screenshots from the German Corona-Warn-App to make clear what I have in mind.

Thanks

Uwe Brauer

🔑 The DP3T SDK version 1.2.1 solved a bug to make exposure detections work again on iOS 13.7 and iOS 14.

The App Store version of Radar COVID should be updated ASAP.

App should infer as many settings as possible, using the user configured localization instead of making the user to choose the language. Also, using exit(0); has been considered against best practices in iOS, as per Apple's QA1561 Technical Q&A. Using standard localization strings is also being used in similar contact tracing apps, like Swiss Covid.

Is the team open to the following changes?

1. Infer user's language in language selector of WelcomeViewController.swift.
2. Use a more standard localization approach.

Hi,

While Contact Tracing works ok and show the positive contact, Radar Covid tell me 'Sin contactos de riesgo identificados'

--> IOS 14.01 / latest version of Radar Covid

Using the iPhone 11 Pro with iOS 13.6.1 the app waits for a sms code that never arrives.

Several labels contain spelling mistakes. These have been corrected in this PR: #10

En estos momentos en el que la lucha contra el COVID-19 es esencial en nuestro país no tiene sentido que se haya diseñado a nivel técnico y funcional la aplicación con una restricción tan básica como obligar a los usuarios a disponer de, al menos, la versión 13.5 de iOS para poder hacer un uso de una aplicación en estos tiempos tan esencial como es esta.

Sé que el motivo técnico que se argumenta de forzar la compatibilidad a iOS 13.5 como mínimo es usar la API de Apple para la notificaciones de detección.

Si Apple, por algún motivo que no ha hecho público, desea forzar la obsolescencia programada de los dispositivos con excusa de su API para notificaciones de exposición y detección, esto no es motivo que de cara a un diseño funcional de la aplicación se fuerce a los usuarios a actualizar los dispositivos Hardware en estos momentos, con el impacto económico que ello conlleva. Recordemos que en estos momentos la gran cantidad de población que se encuentra en paro o ERTES en España con motivo del COVID-19.

Además, hemos de recordar que la prensa ya se ha hecho eco de las limitaciones de la aplicación dejando un gran volumen de dispositivos fuera del alcance y uso de la misma, limitando de gran manera la efectividad que puede tener la aplicación ya que, para que pueda tener los resultados que se esperan de ella, es necesario que se la instalen una amplia mayoría de los usuarios.

Por todo lo expuesto, solicito un replanteamiento de los requisitos funcionales de la aplicación para que, se tenga en cuenta dispositivos que no están soportados y de manera paralela se trabaje con otro protocolo que al menos permita a esos usuarios poder acceder a las notificaciones, tal y como se ha realizado en otras aplicaciones similares de otros países como la del NHS del Reino Unido, COVIDSafe de Australia, o en otros modelos de éxito en el uso y despliegue de este tipo de aplicaciones como es el de Corea del Sur o China.

Referencias:
https://www.elespanol.com/omicrono/software/20200819/no-funciona-movil-rastreo-radar-covid-gobierno/513949006_0.html
https://www.abc.es/tecnologia/moviles/aplicaciones/abci-no-puedes-descargar-radar-covid-gobierno-deja-33-millones-espanoles-sin-poder-usar-aplicacion-202009141944_noticia.html
https://www.diariodesevilla.es/tecnologia/app-rastreo-RADAR-Covid-no-funciona-moviles_0_1493550811.html
https://www.applesfera.com/ios/ios-12-4-9-deseable-version-que-esperamos-soporte-a-api-radar-covid-para-iphone-5s-iphone-6
https://elpais.com/tecnologia/2020-08-13/por-que-no-puede-descargarse-radar-covid-en-algunos-moviles-chinos-y-otras-dudas-tecnicas-sobre-la-app.html
https://support.apple.com/es-es/guide/iphone/iphe3fa5df43/13.0/ios/13.0

I installed the App at the end of Aug 2020.

The exposure Api was working fine. I checked in Setttings -> Privacy. and I was a happy user.
The app wasn't updated in App Store from Aug 20 until Sep 16

Exposure Notification Express on iOS 13.7

https://developer.apple.com/documentation/exposurenotification/supporting_exposure_notifications_express
A few days ago, iOS 13.7 update enhanced behaviour of the exposure Api. To support several country apps it moves the setting to a new place and allows to use more than one country specific app. So when you travel the exposure app automatically select the appropriate app based on location. Also brings a export option of the exposure checks.

The issue

When I have seen today the exposure checks I realise that I didn't have notifications since a week ago even when I didn't change anything. I still had bluetooth enabled, I sill have the app installed. I didn't made any change on my side. Something has changed.
It could be on the RadarCovid servers or it could be that the update of Apple to support worldwide covid Apps had broken something. Maybe the apps need to be updated to interact with the exposure notification express api to see if they are in charge of notifications.

My exposure checks JSON

I attach my exposure checks json ExposureChecks-2020-09-17.json.zip
I kindly suggest to other members of GitHub to check (or export) their exposure checks json and verify if there is notification since the iOS 13.7 update. I would like that the issue only affects to me, but it could be possible that affects other users.

Useful links

• https://covid19.apple.com/contacttracing
• https://developer.apple.com/documentation/exposurenotification/supporting_exposure_notifications_express

I don't know if this was an app requirment but, a message to the user must be presented to let them know that the app not works with jailbreak devices.

This will be included into the AppDelegate instead of:

if JailBreakDetect.isJailbroken() {
     exit(-1)
}

Hi

The German corona warn app, https://github.com/corona-warn-app allows to import the QR code of a complete vaccination. In fact I was vaccintated in Spain and could successfully imported the QR code provided by the «ministerio de salud» https://cvd.sanidad.gob.es/cvdcovid/cvdcovid-formulario/index.xhtml

So could that feature also please be implemented for the Radar Covid App???
regards

Uwe Brauer

Hi

I am currently in Germany and was warned yesterday about a low risk encounter. Contrary to the radar covid app, the German corona warn does not provide the date of the counter. It does, however provide a sophisticated warning, namely low and high risk. Details can be found in https://github.com/corona-warn-app/cwa-documentation/blob/master/transmission_risk.pdf

Could the radar covid implement something similar, please

regards

Uwe Brauer

I get the feeling that the pre-production version has been uploaded to the AppStore. This capture is from a few minutes ago. I'm wrong?

Hi
I asked this on
https://github.com/corona-warn-app/cwa-backlog/issues/14#issuecomment-691527556
and that was the answer
The test phase starts with the country which are able to implement the connection to the EU gateway from their side at this time. Every EU country with an implemented connection can use the the gateway immediately. We have no influence on the implementation of the Spain app.

so why does radar covid does not implement this connection.
Spain depends very much on tourists, so it is in its own interest
regards
Uwe Brauer

Sharing the diagnosis with other EU apps should be the default option.

It seems that currently the default option is to only share it with Radar COVID users:

I don’t understand this design choice, IMHO it seems like a dark design pattern. I would even argue that there should not be a choice at all to restrict the diagnosis to only Radar COVID users (a simple notice should be sufficient), but if it has to be there, it should not be the default one for multiple reasons:

• Some users will not read or understand the choice.
• Some users will think that if there is a choice and it is not the default there should be something bad about it.
• Some users may think they only have to select the EU apps option if they have traveled to other countries. This is not true, it is important to alert users of EU apps visiting Spain.
• Deference to other EU apps which have been sharing all their diagnoses with the EFGS.

Also, as there is no longer a way to retrieve TEKs shared from Radar COVID without being merged with other EFGS TEKs nor public statistics, the community cannot measure how problematic this design decision is (ie. the fraction of users which have not opted in sharing the diagnosis with EU apps).

NOTE: I have only tested this behavior with the iOS app but I suppose it also applies to the Android app as well.

Hi
I cloned the repository in November, but when I pulled yesterday I obtained the following error
Removing RadarCovid/Application/JailBreakDetect.swift
Auto-merging README.md
CONFLICT (content): Merge conflict in README.md
Automatic merge failed; fix conflicts and then commit the result.

I run git fsck and obtained

dangling blob 32a1f36623b690a4e761c06f76d0bef514bc4201

I cloned the repository again and then everything was fine.

The latest update uploaded to the App Store, which version is 1.0.6, is using the pre-production backend, which is not intended and will cause the app to not work for anybody who updates to this 1.0.6 version.

Pre-production must not be in an App Store update which is intended to be spread to all final users. This needs to target production server.
This is an urgent issue that must be resolved quickly because the app will not work if everyone update to the latest version.

To prevent more users to update to this in the next hours and prevent another "kind-of virus spread", you just can:

1. Remove the app from sale, this will hide the app
2. Submit immediately a new update with the latest version or the new version targetting production server
3. Re-enable the app from sale on iTunes Connect

You need to make a new build targetting production servers as you have on this file:
https://github.com/RadarCOVID/radar-covid-ios/blob/develop/RadarCovid/Config/Config.swift

Update: They're aware of the issue. I've contacted them and they told me that they have fixed it server side and also pushed a new urgent update to AppStore.

• The app uses a non dynamic font type (Muli) that causes the app doesn't support accesibility text modes for people with visual disability. It must be changed to System font types and styles.
• Policy privacy and use conditions fields are so small for people with move disabilities.
• An image checkbox is not Apple UI standards compliant. An app is not a web page. You MUST use a UISwitch. In fact, there's a hidden UISwitch for a bad patch for accessibility that is confuse for voice over.
• Many image items are not set properly for to be ignored for the accesibility API.
• Apple Interface Guidelines said you must use UIPageControl for an welcome tutorial, not a "Continue" buttons.
• I suggest the use of the app Accesibility Inspector in Open Developer Tools in Xcode, to find and resolve all accesibility issues.

Best regards,

There is a jailbreak detection in place which I don't understand the purpose of. Jailbreak detection should be disabled to work in as many devices as possible (in fact, I'm not using it because of this issue)

If jailbreak detection is mandatory please explain why.

Hi
According to
https://as.com/meristation/2020/10/09/betech/1602269850_371869.html
only 10 % of the population has downloaded the app. That was in October, how is the situation now, and
where can I get actual information?
thanks and regards

Uwe Brauer

HI
I am using an iPhone, so that is why I open the issue here:
the issue RadarCOVID/radar-covid-backend-verification-server#6
was closed and reopened but no comment was written no reaction seen, giving that there is security problem
I find this reaction a bit strange to say the least.

Uwe Brauer

Similarly to Corona-Warn-App, the Radar COVID projects should include a Code of Conduct.

🔑 It seems to me that the app displays by default a "low exposure" label even if it encounters an error while retrieving the DPT3 exposure status and the exposure status is unknown. From ExpositionUseCase.swift:

case .inactive(let error):
        var errorEI = ExpositionInfo(level: expositionInfoRepository.getExpositionInfo()?.level ?? .healthy)
        errorEI.error = dp3tTracingErrorToDomain(error)
        return errorEI

Also, in this case no value is passed to the lastCheck property of the ExpositionInfo structure, so the app displays a default date of last check "01.07.2020", which is hardcoded in ExpositionViewController:

if let date = self.lastCheck {
    let formatter = DateFormatter()
    formatter.dateFormat = "dd.MM.YYYY"
    return formatter.string(from: date)
}
return "01.07.2020"

This combination makes the app give the impression that it is working even if it's not. In my opinion the app should default to something like "unknown exposure" in case an error is encountered while retrieving the tracing status from DP3T. At the very least the default date of "01.07.2020" should be changed to "Unknown date of last check" (properly localized of course) to better reflect that the app is not actually working. In the current state the app fails silently which could be seen as misleading.

Would you be open to a PR implementing this?